Local inline categorization (previously known as inline ML) enables the firewall dataplane to apply machine learning (ML) on webpages to alert users when phishing variants are detected while preventing malicious variants of JavaScript exploits from entering your network. Local inline categorization dynamically analyzes and detects malicious content by evaluating various webpage details using a series of ML models. Each ML model detects malicious content by evaluating file details, including decoder fields and patterns, to formulate a high probability classification and verdict, which is then used as part of your larger web security policy. URLs classified as malicious are forwarded to PAN-DB for additional analysis and validation. You can specify URL exceptions to exclude any false-positives that might be encountered. This allows you to create more granular rules for your profiles to support your specific security needs. To keep up with the latest changes in the threat landscape, inline ML models are updated regularly and added via content releases. An active Advanced URL Filtering subscription is required to configure inline categorization.

You can also enable inline ML-based protection to detect malicious Portable Executable (PE), ELF and MS Office files, and PowerShell and shell scripts in real-time as part of your Antivirus profile configuration. For more information, refer to: Advanced Wildfire Inline ML.